On 08/09/2011 21:22, Christopher Schultz wrote: > Mark, > > On 9/8/2011 11:47 AM, Mark Thomas wrote: >> On 08/09/2011 16:13, Christopher Schultz wrote: >>> Should we mention this on the Security page directly for those >>> who didn't read the announcement on the users' list? >> >> No reason why not. Go for it. > > Also, security-5.html says that Tomcat 5.0.0 - 5.0.33 are affected. > It should probably be 5.5.0-5.5.30, right?
It should say all 5.5.x versions up to the latest - 5.5.33 - are affected. 5.0.x is almost certainly affected but since we stopped supporting that we no longer check if it is vulnerable nor report on it. I'll fix that in a tick. Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
